﻿using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

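/// <summary>
/// Login/logout user control. Shows the login form (Panel1) or the "logged in"
/// view (Panel2) depending on whether a user name is stored in the session.
/// </summary>
public partial class left1 : System.Web.UI.UserControl
{
    // Characters rejected in the login fields. Kept for backward compatibility
    // with the original check; the database query is parameterized, so SQL
    // safety no longer depends on this list.
    private static readonly char[] IllegalChars = new char[] { '\'', '%', '<', '>', '&', '|' };

    /// <summary>
    /// Switches to the "logged in" view when a session user name is present and
    /// hides the member-only links when an admin name is also in the session.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Convert.ToString(null) yields "", so a missing session entry is treated as "not logged in".
        string username = Convert.ToString(Session["username"]);
        if (username == "")
        {
            return;
        }

        this.Panel2.Visible = true;
        this.Panel1.Visible = false;
        // Label.Text is rendered as raw HTML; encode the session value so a stored
        // user name cannot inject markup into the page.
        this.Label1.Text = HttpUtility.HtmlEncode(username);

        if (Convert.ToString(Session["adminname"]) != "")
        {
            this.HyperLink3.Visible = false;
            this.LinkButton1.Visible = false;
        }
    }

    /// <summary>
    /// Builds a script fragment that shows <paramref name="str"/> in an alert box
    /// and then navigates back one page in the browser history.
    /// </summary>
    /// <param name="str">Text to display; it is escaped for use inside a JavaScript string literal.</param>
    /// <returns>The HTML script block to write into the response.</returns>
    public string message(string str)
    {
        // JavaScriptStringEncode escapes quotes, backslashes, line breaks and '<' / '>',
        // so the text cannot break out of the literal or close the <script> element.
        string escaped = HttpUtility.JavaScriptStringEncode(str ?? "");
        return "<script language=javascript>alert('" + escaped + "');location='javascript:history.go(-1)'</script>";
    }

    /// <summary>
    /// Validates the login form, checks the credentials against tb_User and, on
    /// success, stores the user name in the session and switches the panels.
    /// On a validation failure the error is written to the response and the
    /// request is ended.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        string username = this.Username.Text;
        string password = this.Userpwd.Text;

        string error = ValidateCredentialsInput(username, password);
        if (error != null)
        {
            Response.Write(this.message(error));
            Response.End();   // ends the request in Web Forms (throws ThreadAbortException)
            return;           // defensive: make the exit explicit if End() ever returns
        }

        if (CredentialsExist(username, password))
        {
            Session["username"] = username;
            this.Panel2.Visible = true;
            this.Panel1.Visible = false;
            // Encoded for the same reason as in Page_Load.
            this.Label1.Text = HttpUtility.HtmlEncode(username);
        }
        else
        {
            Response.Write(this.message("用户名或者密码错误"));
        }
    }

    /// <summary>
    /// Returns the user-facing error for the first failed input check, or null when
    /// both fields are acceptable. Checks run in the original order: empty user
    /// name, empty password, illegal characters in user name, illegal characters
    /// in password.
    /// </summary>
    private string ValidateCredentialsInput(string username, string password)
    {
        if (username == "")
        {
            return "用户名不能为空";
        }
        if (password == "")
        {
            return "密码不能为空";
        }
        if (va(username))
        {
            return "用户名中含有非法字符串";
        }
        if (va(password))
        {
            return "密码中含有非法字符串";
        }
        return null;
    }

    /// <summary>
    /// Counts rows in tb_User matching the given user name and password using a
    /// parameterized query, so the submitted text is never spliced into SQL.
    /// The connection is disposed on every path (the original left it open).
    /// </summary>
    /// <returns>true when at least one row matches.</returns>
    private static bool CredentialsExist(string username, string password)
    {
        // NOTE(review): the query compares Userpwd directly with the submitted text,
        // which suggests the column holds plaintext passwords. Storing a salted hash
        // and comparing hashes would be the next hardening step; not changed here
        // because it needs a schema change.
        using (SqlConnection connection = Class1.DBconnection())
        {
            connection.Open();
            using (SqlCommand command = new SqlCommand(
                "select count(*) from tb_User where Username=@username and Userpwd=@password", connection))
            {
                command.Parameters.AddWithValue("@username", username);
                command.Parameters.AddWithValue("@password", password);
                int count = Convert.ToInt32(command.ExecuteScalar());
                return count > 0;
            }
        }
    }

    /// <summary>
    /// Logs the user out by clearing the session user name and returning to the home page.
    /// </summary>
    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        Session["username"] = "";
        // NOTE(review): only the user name key is cleared; other session state
        // (e.g. "adminname") survives. Session.Abandon() would end the session fully
        // but also drops any other state, so it is left as-is here.
        Response.Redirect("default.aspx");
    }

    /// <summary>
    /// Returns true when <paramref name="str"/> contains any of the characters
    /// ' % &lt; &gt; &amp; |. A null or empty string contains none of them.
    /// </summary>
    /// <remarks>
    /// The original implementation latched the result in an instance field that was
    /// never reset, so once any string failed the check every later call on the same
    /// instance returned true. The check is now stateless.
    /// </remarks>
    public bool va(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return false;
        }
        return str.IndexOfAny(IllegalChars) >= 0;
    }
}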
